cURL is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability using directory-traversal characters ('../') to perform unauthorized actions.